Merge branch 'zero' of git://dev.medozas.de/iptables
diff --git a/ip6tables.8.in b/ip6tables.8.in
index 7d9a617..66d8543 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -42,7 +42,7 @@
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP}
-[\fIchain\fP] [\fIoptions...\fP]
+[\fIchain\fP [\fIrulenum\fP]] [\fIoptions...\fP]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-N\fP \fIchain\fP
.PP
@@ -182,8 +182,9 @@
Flush the selected chain (all the chains in the table if none is given).
This is equivalent to deleting all the rules one by one.
.TP
-\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP]
-Zero the packet and byte counters in all chains. It is legal to
+\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP [\fIrulenum\fP]]
+Zero the packet and byte counters in all chains, or only the given chain,
+or only the given rule in a chain. It is legal to
specify the
\fB\-L\fP, \fB\-\-list\fP
(list) option as well, to see the counters immediately before they are
diff --git a/ip6tables.c b/ip6tables.c
index f974fb1..8f653e8 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -81,9 +81,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPT_NONE 0x00000U
#define OPT_NUMERIC 0x00001U
@@ -172,6 +173,7 @@
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x',' '},
@@ -267,7 +269,8 @@
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1376,8 +1379,8 @@
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1388,8 +1391,8 @@
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1415,6 +1418,11 @@
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -1953,8 +1961,12 @@
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
break;
+ case CMD_ZERO_NUM:
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -1965,9 +1977,12 @@
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -1975,6 +1990,8 @@
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = ip6tc_zero_counter(chain, rulenum, *handle);
break;
case CMD_NEW_CHAIN:
ret = ip6tc_create_chain(chain, *handle);
diff --git a/iptables.8.in b/iptables.8.in
index 6125e65..928f46a 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -35,7 +35,7 @@
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP] [\fIoptions...\fP]
+\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP [\fIrulenum\fP]] [\fIoptions...\fP]
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-N\fP \fIchain\fP
.PP
@@ -189,8 +189,9 @@
Flush the selected chain (all the chains in the table if none is given).
This is equivalent to deleting all the rules one by one.
.TP
-\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP]
-Zero the packet and byte counters in all chains. It is legal to
+\fB\-Z\fP, \fB\-\-zero\fP [\fIchain\fP [\fIrulenum\fP]]
+Zero the packet and byte counters in all chains, or only the given chain,
+or only the given rule in a chain. It is legal to
specify the
\fB\-L\fP, \fB\-\-list\fP
(list) option as well, to see the counters immediately before they are
diff --git a/iptables.c b/iptables.c
index a229c35..7228721 100644
--- a/iptables.c
+++ b/iptables.c
@@ -78,9 +78,10 @@
#define CMD_SET_POLICY 0x0400U
#define CMD_RENAME_CHAIN 0x0800U
#define CMD_LIST_RULES 0x1000U
-#define NUMBER_OF_CMD 14
+#define CMD_ZERO_NUM 0x2000U
+#define NUMBER_OF_CMD 15
static const char cmdflags[] = { 'I', 'D', 'D', 'R', 'A', 'L', 'F', 'Z',
- 'N', 'X', 'P', 'E', 'S' };
+ 'Z', 'N', 'X', 'P', 'E', 'S' };
#define OPT_NONE 0x00000U
#define OPT_NUMERIC 0x00001U
@@ -172,6 +173,7 @@
/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ','x'},
/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
+/*ZERO_NUM*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x','x'},
/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x',' '},
@@ -280,7 +282,8 @@
" --list-rules -S [chain [rulenum]]\n"
" Print the rules in a chain or all chains\n"
" --flush -F [chain] Delete all rules in chain or all chains\n"
-" --zero -Z [chain] Zero counters in chain or all chains\n"
+" --zero -Z [chain [rulenum]]\n"
+" Zero counters in chain or all chains\n"
" --new -N chain Create a new user-defined chain\n"
" --delete-chain\n"
" -X [chain] Delete a user-defined chain\n"
@@ -1399,8 +1402,8 @@
break;
case 'L':
- add_command(&command, CMD_LIST, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST,
+ CMD_ZERO | CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1411,8 +1414,8 @@
break;
case 'S':
- add_command(&command, CMD_LIST_RULES, CMD_ZERO,
- invert);
+ add_command(&command, CMD_LIST_RULES,
+ CMD_ZERO|CMD_ZERO_NUM, invert);
if (optarg) chain = optarg;
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
@@ -1438,6 +1441,11 @@
else if (optind < argc && argv[optind][0] != '-'
&& argv[optind][0] != '!')
chain = argv[optind++];
+ if (optind < argc && argv[optind][0] != '-'
+ && argv[optind][0] != '!') {
+ rulenum = parse_rulenumber(argv[optind++]);
+ command = CMD_ZERO_NUM;
+ }
break;
case 'N':
@@ -1994,8 +2002,12 @@
case CMD_ZERO:
ret = zero_entries(chain, options&OPT_VERBOSE, *handle);
break;
+ case CMD_ZERO_NUM:
+ ret = iptc_zero_counter(chain, rulenum, *handle);
+ break;
case CMD_LIST:
case CMD_LIST|CMD_ZERO:
+ case CMD_LIST|CMD_ZERO_NUM:
ret = list_entries(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2006,9 +2018,12 @@
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, *handle);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
+ case CMD_LIST_RULES|CMD_ZERO_NUM:
ret = list_rules(chain,
rulenum,
options&OPT_VERBOSE,
@@ -2016,6 +2031,8 @@
if (ret && (command & CMD_ZERO))
ret = zero_entries(chain,
options&OPT_VERBOSE, *handle);
+ if (ret && (command & CMD_ZERO_NUM))
+ ret = iptc_zero_counter(chain, rulenum, *handle);
break;
case CMD_NEW_CHAIN:
ret = iptc_create_chain(chain, *handle);